[security] transport.Controller{} and transport.Transport{} security and performance improvements (#564)

* cache transports in controller by privkey-generated pubkey, add retry logic to transport requests Signed-off-by: kim <grufwub@gmail.com> * update code comments, defer mutex unlocks Signed-off-by: kim <grufwub@gmail.com> * add count to 'performing request' log message Signed-off-by: kim <grufwub@gmail.com> * reduce repeated conversions of same url.URL object Signed-off-by: kim <grufwub@gmail.com> * move worker.Worker to concurrency subpackage, add WorkQueue type, limit transport http client use by WorkQueue Signed-off-by: kim <grufwub@gmail.com> * fix security advisories regarding max outgoing conns, max rsp body size - implemented by a new httpclient.Client{} that wraps an underlying client with a queue to limit connections, and limit reader wrapping a response body with a configured maximum size - update pub.HttpClient args passed around to be this new httpclient.Client{} Signed-off-by: kim <grufwub@gmail.com> * add httpclient tests, move ip validation to separate package + change mechanism Signed-off-by: kim <grufwub@gmail.com> * fix merge conflicts Signed-off-by: kim <grufwub@gmail.com> * use singular mutex in transport rather than separate signer mus Signed-off-by: kim <grufwub@gmail.com> * improved useragent string Signed-off-by: kim <grufwub@gmail.com> * add note regarding missing test Signed-off-by: kim <grufwub@gmail.com> * remove useragent field from transport (instead store in controller) Signed-off-by: kim <grufwub@gmail.com> * shutup linter Signed-off-by: kim <grufwub@gmail.com> * reset other signing headers on each loop iteration Signed-off-by: kim <grufwub@gmail.com> * respect request ctx during retry-backoff sleep period Signed-off-by: kim <grufwub@gmail.com> * use external pkg with docs explaining performance "hack" Signed-off-by: kim <grufwub@gmail.com> * use http package constants instead of string method literals Signed-off-by: kim <grufwub@gmail.com> * add license file headers Signed-off-by: kim <grufwub@gmail.com> * update code comment to match new func names Signed-off-by: kim <grufwub@gmail.com> * updates to user-agent string Signed-off-by: kim <grufwub@gmail.com> * update signed testrig models to fit with new transport logic (instead uses separate signer now) Signed-off-by: kim <grufwub@gmail.com> * fuck you linter Signed-off-by: kim <grufwub@gmail.com>
author: kim <89579420+NyaaaWhatsUpDoc@users.noreply.github.com> 2022-05-15 10:16:43 +0100
committer: GitHub <noreply@github.com> 2022-05-15 11:16:43 +0200
commit: 223025fc27ef636206027b360201877848d426a4 (patch)
tree: d2f5f293caabdd82fbb87fed3730eb8f6f2e1c1f /vendor/codeberg.org/gruf/go-byteutil/bytes.go
parent: [chore] Update LE server to use copy of main http.Server{} to maintain server... (diff)
download: gotosocial-223025fc27ef636206027b360201877848d426a4.tar.xz
1 files changed, 19 insertions, 0 deletions
diff --git a/vendor/codeberg.org/gruf/go-byteutil/bytes.go b/vendor/codeberg.org/gruf/go-byteutil/bytes.go
index 4fbfe001d..eb57a90de 100644
--- a/vendor/codeberg.org/gruf/go-byteutil/bytes.go
+++ b/vendor/codeberg.org/gruf/go-byteutil/bytes.go
@@ -16,11 +16,30 @@ func Copy(b []byte) []byte {
 }
 
 // B2S returns a string representation of []byte without allocation.
+//
+// According to the Go spec strings are immutable and byte slices are not. The way this gets implemented is strings under the hood are:
+// type StringHeader struct {
+// 	Data uintptr
+// 	Len  int
+// }
+//
+// while slices are:
+// type SliceHeader struct {
+// 	Data uintptr
+// 	Len  int
+// 	Cap  int
+// }
+// because being mutable, you can change the data, length etc, but the string has to promise to be read-only to all who get copies of it.
+//
+// So in practice when you do a conversion of `string(byteSlice)` it actually performs an allocation because it has to copy the contents of the byte slice into a safe read-only state.
+//
+// Being that the shared fields are in the same struct indices (no different offsets), means that if you have a byte slice you can "forcibly" cast it to a string. Which in a lot of situations can be risky, because then it means you have a string that is NOT immutable, as if someone changes the data in the originating byte slice then the string will reflect that change! Now while this does seem hacky, and it _kind_ of is, it is something that you see performed in the standard library. If you look at the definition for `strings.Builder{}.String()` you'll see this :)
 func B2S(b []byte) string {
 	return *(*string)(unsafe.Pointer(&b))
 }
 
 // S2B returns a []byte representation of string without allocation (minus slice header).
+// See B2S() code comment, and this function's implementation for a better understanding.
 func S2B(s string) []byte {
 	var b []byte
author	kim <89579420+NyaaaWhatsUpDoc@users.noreply.github.com>	2022-05-15 10:16:43 +0100
committer	GitHub <noreply@github.com>	2022-05-15 11:16:43 +0200
commit	223025fc27ef636206027b360201877848d426a4 (patch)
tree	d2f5f293caabdd82fbb87fed3730eb8f6f2e1c1f /vendor/codeberg.org/gruf/go-byteutil/bytes.go
parent	[chore] Update LE server to use copy of main http.Server{} to maintain server... (diff)
download	gotosocial-223025fc27ef636206027b360201877848d426a4.tar.xz